Lucene search
+L

5777 matches found

Cvelist
Cvelist
added 2026/06/10 5:31 p.m.31 views

CVE-2026-50568 Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...

3.6CVSS0.00114EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/10 5:31 p.m.9 views

CVE-2026-50568 Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...

3.6CVSS5.4AI score0.00114EPSS
Exploits0References4
OSV
OSV
added 2026/06/10 5:31 p.m.4 views

CVE-2026-50568 Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...

3.6CVSS5.9AI score0.00114EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contain security vulnerabilities. These vulnerabilities stem from the SanitizeFilePath function, which uses string prefix checks instead of directory boundary checks. As a result,...

3.6CVSS5.3AI score0.00114EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.19 views

PT-2026-48513

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...

3.6CVSS5.4AI score0.00114EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 10:51 a.m.36 views

CVE-2026-47347 TYPO3 CMS - Open Redirect in Core Utilities

Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This...

5.3CVSS0.00294EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 10:51 a.m.32 views

CVE-2026-47347

CVE-2026-47347 affects TYPO3 CMS where GeneralUtility::sanitizeLocalUrl can be bypassed, enabling an open redirect if a URL is used after sanitization. Affected versions are older: 10.4.57, 11.0.0–11.5.50, 12.0.0–12.4.45, 13.0.0–13.4.30, and 14.0.0–14.3.2. The CVE entry notes the impact as open r...

5.3CVSS5.5AI score0.00294EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47740

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.50 TYPO3 CMS versions 12.0.0 through 12.4.45 TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Applications utilizing the...

5.3CVSS5.2AI score0.00294EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

TYPO3 CMS 输入验证错误漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a vulnerability in input validation of TYPO3 CMS, which stems from the GeneralUtility::sanitizeLocalUrl function. This function allows URLs to be used for redirection even after cleaning, potentiall...

5.3CVSS5.2AI score0.00294EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-10210

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitizepromptdescription of the file astrbot/core/skills/skillmanager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

6.5CVSS6.1AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41067

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline ,...

6.1CVSS5.4AI score0.00189EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.11 views

CVE-2026-31205

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...

5.7CVSS5.5AI score0.0028EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40186

ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option...

6.1CVSS5.7AI score0.00235EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-41278

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the...

8.7CVSS5.4AI score0.00421EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.8 views

CVE-2026-44650

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, POST /api/extensions/delete endpoint accepts extensionName: "." which bypasses sanitize-filename...

9.1CVSS5.4AI score0.00567EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 9:5 p.m.11 views

ROOT-APP-NPM-CVE-2026-44990 CVE-2026-44990 in @rootio/sanitize-html - Patched by Root

Root has patched CVE-2026-44990 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

9.3CVSS5.8AI score0.00491EPSS
Exploits0
OSV
OSV
added 2026/06/04 8:57 p.m.5 views

ROOT-APP-NPM-CVE-2017-16016 CVE-2017-16016 in @rootio/sanitize-html - Patched by Root

Root has patched CVE-2017-16016 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

6.1CVSS5.4AI score0.01357EPSS
Exploits1
OSV
OSV
added 2026/06/04 8:57 p.m.8 views

ROOT-APP-NPM-CVE-2019-25225 CVE-2019-25225 in @rootio/sanitize-html - Patched by Root

Root has patched CVE-2019-25225 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

6.1CVSS5.4AI score0.00251EPSS
Exploits1
OSV
OSV
added 2026/06/04 8:57 p.m.6 views

ROOT-APP-NPM-CVE-2016-1000237 CVE-2016-1000237 in @rootio/sanitize-html - Patched by Root

Root has patched CVE-2016-1000237 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

6.1CVSS5.4AI score0.0084EPSS
Exploits0
OSV
OSV
added 2026/06/04 8:57 p.m.8 views

ROOT-APP-NPM-CVE-2021-26539 CVE-2021-26539 in @rootio/sanitize-html - Patched by Root

Root has patched CVE-2021-26539 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.01953EPSS
Exploits1
Rows per page
Query Builder